
Possible ethical dilemma


pstylesss

Platinum Member
I have a client who outsources his website development work to me. The current client I am doing work for wants to accept credit card transactions online via donations and a joining fee.

I informed my client that his client's easiest route would be PayPal and second would be through their bank's online merchant service. Apparently, they are insisting that the credit card information is emailed to them and they process it manually. Through email I have told my client that it's not secure enough. Even with SSL on the server and if they connect to the email server with SSL it's still not secure. The webserver and email server are on the same box.

I gave them the only way I would be comfortable with not using a merchant service, but the cost for me to code all that was very high and they didn't want to pay.

So, my ethical delima is whether or not I refuse to put in the code to email the CC info since I know it's not secure even though I have informed them.

So what do you guys think?
 
Don't do it, especially if you have a problem with it yourself.

That said, ethics and morality seem to often be ignored in the business world.

edit:

Hammer them on using an online merchant service. They exist exactly for this reason.
 
I would submit a written risk evaluation of their options and state that professional standards do not allow you to assume the level of risk for their preferred option. Identity theft is a PITA and standing up against a company that doesn't realize the risk at which they put their customers is a totally honorable thing to do.
 
Originally posted by: AreaCode707
I would submit a written risk evaluation of their options and state that professional standards do not allow you to assume the level of risk for their preferred option. Identity theft is a PITA and standing up against a company that doesn't realize the risk at which they put their customers is a totally honorable thing to do.

I like this idea a lot.

And please don't initiate an SSL connection if the data isn't going to be handled securely. It's like a bait-and-switch deal.
 
Originally posted by: AreaCode707
I would submit a written risk evaluation of their options and state that professional standards do not allow you to assume the level of risk for their preferred option. Identity theft is a PITA and standing up against a company that doesn't realize the risk at which they put their customers is a totally honorable thing to do.

:thumbsup:
 
I'm in a dilemma in regards to your "delima." Don't add to the intarwebs problems by allowing them to create an insecure money transfer system.
 
Originally posted by: ConstipatedVigilante
Just say you're not willing to accept any risk of liability for people's money being at risk; they have to pay for the secure transfer or nothing.

this
 
Originally posted by: MagnusTheBrewer
I'm in a dilemma in regards to your "delima." Don't add to the intarwebs problems by allowing them to create an insecure money transfer system.

Thanks, fixed it! :thumbsup:

Originally posted by: magomago
Don't do it, especially if you have a problem with it yourself.

That said, ethics and morality seem to often be ignored in the business world.

edit:

Hammer them on using an online merchant service. They exist exactly for this reason.

Originally posted by: AreaCode707
I would submit a written risk evaluation of their options and state that professional standards do not allow you to assume the level of risk for their preferred option. Identity theft is a PITA and standing up against a company that doesn't realize the risk at which they put their customers is a totally honorable thing to do.

I had done this when I outlined the program I intended to code for what they wanted.

Originally posted by: kranky
Originally posted by: AreaCode707
I would submit a written risk evaluation of their options and state that professional standards do not allow you to assume the level of risk for their preferred option. Identity theft is a PITA and standing up against a company that doesn't realize the risk at which they put their customers is a totally honorable thing to do.

I like this idea a lot.

And please don't initiate an SSL connection if the data isn't going to be handled securely. It's like a bait-and-switch deal.

That's what I tried to explain to them...

I have emails documenting all our conversations about this.
 